The GEO Group, an organization recognized for operating personal prisons and unlawful immigration detention facilities within the US and different international locations, says it suffered a ransomware assault over the summer season.
Private information and well being info for some inmates and residents was uncovered in the course of the incident, which befell on August 19.
This contains information for inmates and staff on the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and a now-closed facility in California, the corporate advised ZDNet.
“GEO applied a number of containment and remediation measures to handle the incident, restore its techniques and reinforce the safety of its networks and data expertise techniques,” the corporate stated.
GEO stated it recovered its information however didn’t say if this meant restoring from backups or paying the ransomware gang to decrypt its recordsdata.
In documents filed with the US Securities Exchange Commission on Tuesday, the GEO Group performed down the safety breach and stated its aftermath will not have any materials affect on its enterprise, operations, or monetary outcomes.
The corporate is now sending data breach notification letters to all impacted people.
Uncovered private particulars may embody title, deal with, date of start, Social Safety quantity, worker ID quantity, driver’s license quantity, medical therapy info, and different health-related info.
The incident impacted solely a small portion of the GEO Group’s community, which incorporates 123 personal prisons, processing facilities, and group reentry facilities in the US, Australia, South Africa, and the UK.
US authorities contracts amounted for greater than half of the GEO Group’s 2019 income, in response to the corporate’s yearly 10-K form filed with the SEC.
The corporate’s inventory worth fell 14% from $9.76 on the finish of buying and selling on Tuesday to $8.38 the following day, after GEO disclosed the incident.